Chapter 8

  • Why systems are vulnerable
    • Hardware problems
    • Software problems
    • Disasters
    • Use of networks, computers outside of firm's control
    • Domestic or offshore outsourcing vendors
    • Mobile devices
  • Contemporary security challenges and vulnerabilities
    • The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities.
    • Vulnerabilities occur at each layer and in the communications between the layers
  • Ransomware is malware designed to deny a user or organization access to files on their computer
  • How ransomware works
    1. Infection and distribution vectors
    2. Data encryption
    3. Ransom demand
  • Ransomware as a Service (RaaS)
    A business model between ransomware operators and affiliates
  • Roles in Ransomware as a Service
    • Initial Access Brokers (IAB)
    • RaaS Affiliates
  • BlackCat is a major and long-established player in the wider family of Russia-linked or Russia-based ransomware crews and affiliates
  • The Cybersecurity and Infrastructure Security Agency (CISA) is aware of ransomware attacks targeting VMware ESXi hypervisors
  • Why are information systems vulnerable?
    • Network open to anyone
    • Size of Internet means abuses can have wide impact
    • Use of fixed Internet addresses with permanent connections to Internet eases identification by hackers
    • E-mail attachments, file downloading and sharing
    • E-mail used for transmitting trade secrets
  • Wireless security challenges
    • Radio frequency bands easy to scan
    • SSIDs (service set identifiers) identify access points in a Wi-Fi network and broadcast multiple times
    • War driving - eavesdroppers drive by buildings and try to intercept network traffic
    • With the SSID, an intruder has access to the network's resources
  • Malware
    Malicious software programs
  • Types of malicious software
    • Viruses
    • Worms
    • Trojan horses
    • Spyware
    • Keyloggers
    • Ransomware
    • Mobile device malware
    • Social network malware
  • Hacker
    Individual who intends to gain unauthorized access to a computer system
  • Cracker
    A hacker with criminal intent
  • Types of computer crime
    • System intrusion
    • Theft of goods and services
    • System damage
    • Cybervandalism
  • Pharming redirects users to a bogus Web page, even when the individual types the correct Web page address into his or her browser
  • Click fraud is fraudulent clicking on online ads
  • Global threats
    • Cyberterrorism (DoS attacks, launching malware, phishing, etc.)
    • Cyberwarfare (state-sponsored activity to cripple and defeat another state or nation using IT)
  • Identity theft is a crime in which someone wrongfully obtains and uses another person's personal data
  • Computer crime
    Any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution
  • Computer may be target of crime
    • Breaching confidentiality of protected computerized data
    • Accessing a computer system without authority
  • Computer may be instrument of crime
    • Theft of trade secrets
    • Using e-mail for threats or harassment
  • Pharming
    Redirects users to a bogus Web page, even when the individual types the correct Web page address into his or her browser (by gaining access to the address information stored by the ISP)
  • Click fraud
    Fraudulent clicks on online ads. The advertiser typically pays a fee for each click, which is supposed to direct potential buyers to its products
  • Identity theft
    A crime in which an impostor obtains key pieces of personal information, such as social security numbers, driver's license numbers, or credit card numbers, to impersonate someone else
  • Tactics for Identity Theft
    • Phishing (involves setting up fake websites or sending e-mail messages that look like those of legitimate businesses to ask users for confidential personal data)
    • Evil twins (are wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet, such as those in airport lounges, hotels, or coffee shops)
  • Internal Threats: Employees
    • Inside knowledge (Privileged Information)
    • Sloppy security procedures
    • Users' lack of knowledge - careless with company data, passwords, etc.
    • Social engineering: Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information
    • End Users - Inputting faulty data or not following the proper instructions for processing data
    • Specialists create software errors as they develop new software
  • Denial-of-service attacks (DoS)
    Flooding a server with thousands of false requests to crash the network. The network receives so many queries that it cannot keep up with them and is thus unavailable to service legitimate requests
  • Although DoS attacks do not destroy information or access restricted areas of a company's information system, they often cause a website to shut down
  • Distributed denial-of-service attacks (DDoS)
    Use of numerous computers to launch a DoS. Botnets are networks of "zombie" PCs infiltrated by bot malware. The malware opens a back door through which an attacker can issue instructions - the infected computer becomes a slave in a DDoS attack
  • What are the most important tools and technologies for safeguarding information resources?
    • Identity Management & Authentication
    • Firewall, Intrusion Detection Systems & Antivirus Software
    • Wireless Network Security
    • Encryption
    • Fault-tolerant computer systems
    • Security of Cloud and Mobile
    • Ensuring Data Quality
  • Identity management software
    Automates keeping track of all users and their privileges. Authenticates users, protects identities and controls access to resources
  • Authentication
    • Password systems
    • Tokens (Physical device similar to ID Card, typically fit on key rings & display passcodes that change frequently)
    • Smart cards (Size of a credit card that contains a chip formatted with access permission & other data)
    • Biometric authentication (uses physical traits that make each individual unique)
    • Two-factor authentication (Two authentication methods)
  • Firewall
    Combination of hardware and software that prevents unauthorized access to a network. Generally placed between the organization's private internal network and the distrusted external network
  • Firewall technologies
    • Packet filtering (stops spam)
    • Stateful inspection (stops inappropriate content)
    • Network address translation (NAT) (conceals the IP address)
    • Application proxy (stops specific application usage)
  • Intrusion detection systems
    Monitor hot spots on corporate networks to detect and deter intruders. Examine events as they are happening to discover attacks in progress
  • Antivirus and antispyware software
    Check computers for presence of malware and can often eliminate it as well. Require continual updating (Pushed out automatically in corporate environments)
  • Unified Threat Management (UTM) systems
    Provided by security vendors - combination of items A to C above (firewall, intrusion detection and antivirus) in a single appliance, e.g. from Cisco
  • WEP security
    Static encryption keys are relatively easy to crack. Security is improved if WEP is used in conjunction with a VPN